Secure messaging center

ABSTRACT

A secure messaging system is disclosed wherein messages are transmitted to a user based on a feature unique to the user, such as an account number. The user authenticates himself, then messages associated with the user can be displayed.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims priority to, and the benefit of U.S. Ser. No. 10/601,468 entitled “SECURE MESSAGING CENTER”, filed on Jun. 23, 2003. The '468 application claims priority from U.S. Provisional Application Ser. No. 60/465,818, filed Apr. 25, 2003. Each of the aforementioned applications is incorporated by reference herein in its entirety.

FIELD OF INVENTION

This application generally relates to a system for secure messaging, and more particularly, to a computer-implemented method and system for providing a secure area for users to read electronic messages.

BACKGROUND OF THE INVENTION

Electronic mail (“e-mail”) has revolutionized communications. Before the advent of e-mail, communications in writing were typically transferred via a postal service or facsimile. However, both methods suffer from various problems. For example, mail sent via the postal service takes a relatively long time to reach the destination, and the cost to decrease the delivery time rises quickly if a special delivery service is used. Facsimile transmission often suffers from quality and availability problems, as a facsimile transmission is typically of lower quality than the original and many individuals do not have easy access to facsimile machines.

E-mail solved or minimized several of those problems, as the transmission time of an e-mail is very short and the quality of the received communication is identical to that of the original. However, one problem with typical e-mail usage is the relatively low security of e-mail transmissions. Specifically, an e-mail communication typically travels throughout the Internet such that the e-mail could possibly be intercepted and read. One method to minimize the problems of eavesdropping is to encrypt communications by using, for example, a public-key cryptography solution. Using such a solution, only the intended recipient can decrypt the e-mail. However, such an encryption process is often cumbersome and many people do not wish to go through the routine of decrypting the e-mail and/or sending their keys to e-mail senders.

Moreover, certain types of businesses often wish to send private messages to their customers. For example, financial institutions, such as banks, credit card companies, brokerages, and the like, often send periodic statements to account holders to inform the account holders as to the performance of their accounts. Such information is intended to be private and it is not desirable to allow third parties to read these types of messages. Therefore, many businesses still use postal services to provide such services. However, in addition to the limitations discussed above, usage of postal services usually results in additional expenditures for the business, such as envelopes, paper, and postage, that may not be necessary if electronic statements were utilized.

To alleviate some of the security issues, companies used secure websites to allow access to information. Specifically, if the company wishes for a customer to view a statement, the business sends an e-mail to the customer, wherein the e-mail contains a Uniform Resource Locator (“URL”). The URL leads the customer to a secure area of the network, wherein the secure area contains the statement in question. This is typically accomplished by providing a Secure Sockets Layer (“SSL”) encoding of the site located at the URL in question. However, such a setup still suffers from a variety of problems. For example, the e-mail being sent to the customer containing the URL is not secure, meaning that one can intercept the message and access the URL in question. Accordingly, a need exists for allowing users to access messages in a more secure manner.

SUMMARY OF THE INVENTION

A system is disclosed which solves the above-described problems. The system provides for a means by which a user can access private messages. The method for facilitating the sending of messages includes storing the message in a database; associating the message with an intended recipient by a first unique identifier; notifying the intended recipient of the message for said recipient which is stored in the database; providing a web site for the recipient to view the message; authenticating the recipient using a second unique identifier; searching the database to find messages associated with the recipient by matching said first unique identifier; and displaying the messages associated with the recipient.

BRIEF DESCRIPTION OF THE DRAWINGS

A more complete understanding of the present invention may be derived by referring to the detailed description and claims when considered in connection with the Figures, where like reference numbers refer to similar elements throughout the Figures, and:

FIG. 1 is a flowchart illustrating the operation of an embodiment of the present invention; and

FIG. 2 is a flowchart further illustrating the operation of an embodiment of the present invention.

DETAILED DESCRIPTION

The present invention may be described herein in terms of various functional components and various processing steps. It should be appreciated that such functional components may be realized by a variety of different hardware or structural components configured to perform the specified functions. For purposes of illustration only, exemplary embodiments of the present invention will be described herein. Further, it should be noted that, while various components may be suitably coupled or connected to other components, such connections and couplings may be realized by a direct connection between components, or by a connection through other components and devices.

An embodiment of the present invention operates by establishing a secure area of a web site in which a customer can access various messages. Other embodiments of the present invention include a system and method for associating messages with unique identifiers, then searching and displaying the messages having similar unique identifiers.

More specifically, with reference to FIG. 1, in an exemplary embodiment, when an entity wishes to send a message to a user, it stores the message in a database (step 102). The message may be stored in the database by a variety of different methods now known, or developed in the future. Databases discussed herein may be any type of database, such as relational, hierarchical, object-oriented, and/or the like. Common database products that may be used to implement the databases include DB2 by IBM (White Plains, N.Y.), any of the various database products available from Oracle Corporation (Redwood Shores, Calif.), Microsoft Access or MSSQL by Microsoft Corporation (Redmond, Wash.), or any other database product. Database may be organized in any suitable manner, including as data tables or lookup tables. Association of certain data may be accomplished through any data association technique known and practiced in the art. For example, the association may be accomplished either manually or automatically. Automatic association techniques may include, for example, a database search, a database merge, GREP, AGREP, SQL, and/or the like. The association step may be accomplished by a database merge function, for example, using a “key field” in each of the manufacturer and retailer data tables. A “key field” partitions the database according to the high-level class of objects defined by the key field. For example, a certain class may be designated as a key field in both the first data table and the second data table, and the two data tables may then be merged on the basis of the class data in the key field. In this embodiment, the data corresponding to the key field in each of the merged data tables is preferably the same. However, data tables having similar, though not identical, data in the key fields may also be merged by using AGREP, for example.

Many types of messages can be sent to the user including, for example, statements, special offers, responses to inquiries, transaction confirmations and/or the like. The user is then notified that there is a message waiting for him (step 104). This notification may occur in any of a variety of manners known in the art or hereafter developed. For example, the system may cause one or more emails to be sent to the user, wherein the email indicates that the user has a message waiting for him and the system may disclose a particular site where the email can be accessed. Communication between the parties may be accomplished through any suitable communication means, such as, for example, a telephone network, Intranet, Internet, point of interaction device (point of sale device, personal digital assistant, cellular phone, kiosk, etc.), online communications, off-line communications, wireless communications, transponder communications and/or the like. One skilled in the art will also appreciate that, for security reasons, any databases, systems, or components of the present invention may consist of any combination of databases or components at a single location or at multiple locations, wherein each database or system includes any of various suitable security features, such as firewalls, access codes, encryption, de-encryption, compression, decompression, and/or the like.

The user then accesses a site with a webpage where he can obtain the message (step 106). In an embodiment of the present invention, the user would access a web site by entering in a URL in a web browser, such as Internet Explorer, Mozilla, Netscape Navigator, and the like. In the alternative, the user may click on a link which leads the user to the web site. The term “webpage” as it is used herein is not meant to limit the type of documents and applications that might be used to interact with the user. For example, a typical website might include, in addition to standard HTML documents, various forms, Java applets, Javascript, active server pages (ASP), common gateway interface scripts (CGI), extensible markup language (XML), dynamic HTML, cascading style sheets (CSS), helper applications, plug-ins, and the like. A server may include a web service which receives a request from a browser which includes a URL (http://yahoo.com/stockquotes/ge) and an IP address (123.56.789). The web service retrieves the appropriate webpages and sends the webpages to the IP address.

Once at the website, the user authenticates himself using an identifier (step 108). This may occur in a variety of ways, such as, for example, the entry of a user id and/or password (GUID or Global Unique identifier), biometric means (such as fingerprint identification, retinal and iris scans, hand geometry, facial feature recognition, signature dynamics, voice verification, and the like), electric dongles, and/or the like. In an embodiment of the present invention, after the user is authenticated, communications between the user and the website are secure. The secure communications may be provided through SSL, secure http, transport layer security (“TLS”) or a variety of other methods now known or developed in the future.

After the user is authenticated and the user indicates a desire to view messages (for example, by clicking a link), the database is searched to find messages directed to the user (step 110). The searching may include a variety of methods now known or developed in the future. For example, an SQL SELECT command may be used to query the database. After the messages are retrieved, they are displayed to the user (step 112). Such a display step may occur in one of a variety of methods now known or developed in the future. In an embodiment of the invention, a link to the message is presented to the user on the user's display device, along with various aspects of the message, such as a date/time of transmission, and a subject line.

In another embodiment of the present invention, it is not necessary for a user to have created a user ID/password in order to receive messages. With reference to FIG. 2, messages in the database may be associated with an identifier, such as, for example, an account or an account number. Each account holder may have various types of information stored in various databases. The information may include contact information, such as a name, address, telephone number, and e-mail address. When a message is sent to a holder of an account number, an e-mail is sent to the e-mail address of record associated with the account number (step 202). An “account” or “account number”, as used herein, may include any device, code, number, letter, symbol, digital certificate, smart chip, digital signal, analog signal, biometric or other identifier/indicia suitably configured to allow the consumer to interact or communicate with the system, such as, for example, authorization/access code, personal identification number (PIN), Internet code, other identification code, and/or the like which is optionally located on a rewards card, charge card, credit card, debit card, prepaid card, telephone card, smart card, magnetic stripe card, bar code card, transponder, radio frequency card and/or the like. The account number may be distributed and stored in any form of plastic, electronic, magnetic, radio frequency, wireless, audio and/or optical device capable of transmitting or downloading data from itself to a second device. A customer account number may be, for example, a sixteen-digit credit card number, although each credit provider has its own numbering system, such as the fifteen-digit numbering system used by American Express. Each company's credit card numbers comply with that company's standardized format such that the company using a sixteen-digit format will generally use four spaced sets of numbers, as represented by the number “0000 0000 0000 0000”. The first five to seven digits are reserved for processing purposes and identify the issuing bank, card type, etc. In this example, the last sixteenth digit is used as a sum check for the sixteen-digit number. The intermediary eight-to-ten digits are used to uniquely identify the customer. A merchant account number may be, for example, any number or alpha-numeric characters that identifies a particular merchant for purposes of card acceptance, account reconciliation, reporting, or the like.

The user, upon receiving the e-mail, is directed (via a link, pop-up box, instruction, etc.) to a website that allows the user to create a user ID/password (step 204). After creating the user ID/password, the information is shared with the secure message center. The information can be shared by entering the user ID/password information in the database. The user is then directed to the secure message center (step 206). Thereafter, the operation proceeds in a manner similar to that in steps 108 to 112 of FIG. 1.

In an embodiment of the invention, the system may track the user's actions. For example, if a user logs into the system and reads a message, the system tracks such activity in a separate database. In addition, if the user selects a link in the message, such activity may also be tracked by creating entries in the database when such actions occur.

In an embodiment of the invention, a message has an expiration date. After a user reads a message, the message is flagged in the database as being read by that user. A set time period can be set for the message to remain accessible to the user or the system can limit the number of times the message may be accessed. After such time, the user would be unable to access the message. Such functionality can be provided in a variety of manners. For example, there may be a field in the message containing an expiration date. Once the expiration date occurs, the message is eliminated from the database such that it is no longer accessible. In one embodiment of the invention, the message is archived to a separate database, but eliminated from the message database. Such a task allows, for example, the message database to be smaller in size for faster performance.

In another embodiment of the invention, a save feature is available to the user. Using the save feature, the expiration date of the message is extended by a period of time established by the user or a default by the system. Such functionality may be provided by changing the expiration date field in the message database.

In another embodiment of the present invention, attachments are available to both users and to the institution running the system. An attachment is a file in a particular format that is sent along with the text message. For example, an attachment may be a spreadsheet file that allows a user to perform calculations and track data. An attachment may also contain an image such as, for example, a scan of a user's statements. The image may be in a variety of formats, such as a PDF file readable by Adobe Acrobat. Attachments may be stored on the server in a manner such that the attachments are accessible by the message database. However, if an unauthorized user was able to gain access to the system, he may be able to view the attachment files. Therefore, in another embodiment of the present invention, the files are stored using Distributed Computing Environment (“DCE”) and Distributed File Service (“DFS”) (collectively known as DCE/DFS). DCE/DFS provides security and protects and controls access to data. Such security may also be available to the message database.

The above-presented steps provide several advantages over systems of the prior art. For example, instead of using a static “inbox” functionality, wherein messages sent to a user are stored such that messages to a particular user are stored separately from messages to other users, in the present invention, messages to the user are dynamically accessed upon authentication of the user. This typically results in the reduced need for storage space. For example, a credit card company may have a special offer to account holders with credit limits over a certain dollar amount. With a static “inbox” functionality, a message regarding the special offer would typically be sent to each user. Since the “inbox” is on the servers of the credit card company, the result includes possibly thousands of copies of the message residing on the credit card company's servers.

Using the dynamic message retrieval function, only a single copy of the message is stored on the credit card company's servers as an entry in the above-described database. One portion of the entry will note the users to whom the message is addressed. When the user is authenticated, the user will then be able to view a copy of the message. Instead of thousands of copies of the same message being copied and stored on the credit card company's servers, only a single copy, with an indication of the intended recipients, is necessary.
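
The single-copy, retrieve-on-authentication flow described above (steps 102 to 112 of FIG. 1, plus the activity tracking and expiration date), as an added example that is not part of the original specification. The table and column names, function names, the PBKDF2 password hashing, and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3
import time

SCHEMA = """
CREATE TABLE messages   (id INTEGER PRIMARY KEY, subject TEXT, body TEXT,
                         sent_at INTEGER, expires_at INTEGER);
CREATE TABLE recipients (message_id INTEGER REFERENCES messages(id),
                         account_no TEXT, read_at INTEGER,
                         PRIMARY KEY (message_id, account_no));
CREATE TABLE users      (user_id TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB,
                         account_no TEXT);
CREATE TABLE audit      (user_id TEXT, action TEXT, message_id INTEGER,
                         ip TEXT, browser TEXT, at INTEGER);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def register(conn, user_id, password, account_no):
    """Step 204: create the user ID/password and bind it to an account number."""
    salt = os.urandom(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                 (user_id, salt, _hash(password, salt), account_no))

def store_message(conn, subject, body, account_nos, ttl_seconds, now=None):
    """Step 102: one message row, plus one small recipient row per account."""
    now = int(time.time()) if now is None else now
    cur = conn.execute(
        "INSERT INTO messages (subject, body, sent_at, expires_at) "
        "VALUES (?, ?, ?, ?)", (subject, body, now, now + ttl_seconds))
    conn.executemany(
        "INSERT INTO recipients (message_id, account_no) VALUES (?, ?)",
        [(cur.lastrowid, acct) for acct in account_nos])
    return cur.lastrowid

def authenticate(conn, user_id, password, ip, browser, now=None):
    """Step 108: return the account number on success, None on failure.
    Every attempt is logged with the IP address and browser type."""
    now = int(time.time()) if now is None else now
    row = conn.execute(
        "SELECT salt, pw_hash, account_no FROM users WHERE user_id = ?",
        (user_id,)).fetchone()
    ok = row is not None and hmac.compare_digest(_hash(password, row[0]), row[1])
    conn.execute("INSERT INTO audit VALUES (?, ?, NULL, ?, ?, ?)",
                 (user_id, "login_ok" if ok else "login_fail", ip, browser, now))
    return row[2] if ok else None

def list_messages(conn, account_no, now=None):
    """Steps 110-112: parameterized SELECT keyed on the account number."""
    now = int(time.time()) if now is None else now
    return conn.execute(
        "SELECT m.id, m.subject, m.sent_at FROM messages m "
        "JOIN recipients r ON r.message_id = m.id "
        "WHERE r.account_no = ? AND m.expires_at > ? ORDER BY m.id",
        (account_no, now)).fetchall()

def read_message(conn, user_id, account_no, message_id, now=None):
    """Return the body only if this account is a recipient and the message
    has not expired; flag it as read and record the access."""
    now = int(time.time()) if now is None else now
    row = conn.execute(
        "SELECT m.body FROM messages m "
        "JOIN recipients r ON r.message_id = m.id "
        "WHERE m.id = ? AND r.account_no = ? AND m.expires_at > ?",
        (message_id, account_no, now)).fetchone()
    if row is None:
        return None
    conn.execute("UPDATE recipients SET read_at = ? "
                 "WHERE message_id = ? AND account_no = ?",
                 (now, message_id, account_no))
    conn.execute("INSERT INTO audit VALUES (?, 'read', ?, NULL, NULL, ?)",
                 (user_id, message_id, now))
    return row[0]

if __name__ == "__main__":
    db = open_db()
    # Constructed sample data: the account numbers and credentials are made up.
    register(db, "alice", "correct horse", "ACCT-1001")
    register(db, "bob", "battery staple", "ACCT-2002")
    store_message(db, "Special offer", "Offer text",
                  ["ACCT-1001", "ACCT-2002"], ttl_seconds=3600)
    acct = authenticate(db, "alice", "correct horse", "192.0.2.10", "TestBrowser/1.0")
    print(list_messages(db, acct))
```

The recipient check lives in the query's WHERE clause, so a message ID supplied by an authenticated user for a message addressed to a different account returns nothing.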

Another benefit of the present invention arises for users with multiple types of accounts. For example, a user may have a brokerage account and a credit account with the same financial institution. In the prior art, each account would have separate messages using separate systems. A user would be required to access many different systems to access all of his messages. Using an embodiment of the present invention, however, a message from, for example, a brokerage unit can be sent to a user along with messages from a credit unit. As described above, it is not even necessary for the brokerage unit and the credit unit to be aware of the user's ID, as messages can be associated with an account number instead of with a user ID.

The present invention is described herein with reference to block diagrams, flowchart illustrations of methods, systems, and computer program products according to various aspects of the invention. It will be understood that each functional block of the block diagrams and the flowchart illustrations, and combinations of functional blocks in block diagrams and flowchart illustrations, respectively, may be implemented by computer program instructions. These computer program instructions may be loaded on a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions which execute on the computer or other programmable data processing apparatus create means for implementing the functions specified in the flowchart block or blocks.

For the sake of brevity, conventional data networking, application development and other functional aspects of the systems (and components of the individual operating components of the systems) may not be described in detail herein. Furthermore, the connecting lines shown in the various figures contained herein are intended to represent exemplary functional relationships and/or physical couplings between the various elements. It should be noted that many alternative or additional functional relationships or physical connections may be present in a practical electronic transaction system.

The present invention may be described herein in terms of functional block components, screen shots, optional selections and various processing steps. It should be appreciated that such functional blocks may be realized by any number of hardware and/or software components configured to perform the specified functions. For example, the present invention may employ various integrated circuit components, e.g., memory elements, processing elements, logic elements, look-up tables, and the like, which may carry out a variety of functions under the control of one or more microprocessors or other control devices. Similarly, the software elements of the present invention may be implemented with any programming or scripting language such as C, C++, Java, COBOL, assembler, PERL, Visual Basic, SQL Stored Procedures, extensible markup language (XML), with the various algorithms being implemented with any combination of data structures, objects, processes, routines or other programming elements. Further, it should be noted that the present invention may employ any number of conventional techniques for data transmission, signaling, data processing, network control, and the like. Still further, the invention could be used to detect or prevent security issues with a client-side scripting language, such as JavaScript, VBScript or the like. For a basic introduction to cryptography and network security, the following may be helpful references: (1) “Applied Cryptography: Protocols, Algorithms, And Source Code In C,” by Bruce Schneier, published by John Wiley & Sons (second edition, 1996); (2) “Java Cryptography” by Jonathan Knudsen, published by O'Reilly & Associates (1998); (3) “Cryptography & Network Security: Principles & Practice” by William Stallings, published by Prentice Hall; all of which are hereby incorporated by reference.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart block or blocks. The computer program instructions may also be loaded on a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.

Accordingly, functional blocks of the block diagrams and flowchart illustrations support combinations of means for performing the specified functions, combinations of steps for performing the specified functions, and program instruction means for performing the specified functions. It will also be understood that each functional block of the block diagrams and flowchart illustrations, and combinations of functional blocks in the block diagrams and flowchart illustrations, can be implemented by either special purpose hardware-based computer systems which perform the specified functions or steps, or suitable combinations of special purpose hardware and computer instructions.

The system may include a host server or other computing systems including a processor for processing digital data, a memory coupled to said processor for storing digital data, an input digitizer coupled to the processor for inputting digital data, an application program stored in said memory and accessible by said processor for directing processing of digital data by said processor, a display coupled to the processor and memory for displaying information derived from digital data processed by said processor and a plurality of databases, said databases including client data, merchant data, financial institution data and/or like data that could be used in association with the present invention. As those skilled in the art will appreciate, user computer will typically include an operating system (e.g., Windows NT, 95/98/2000, Linux, Solaris, etc.) as well as various conventional support software and drivers typically associated with computers. User computer can be in a home or business environment with access to a network. In an exemplary embodiment, access is through the Internet through a commercially-available web-browser software package.

As will be appreciated by one of ordinary skill in the art, the present invention may be embodied as a method, a data processing system, a device for data processing, and/or a computer program product. Accordingly, the present invention may take the form of an entirely software embodiment, an entirely hardware embodiment, or an embodiment combining aspects of both software and hardware. Furthermore, the present invention may take the form of a computer program product on a computer-readable storage medium having computer-readable program code means embodied in the storage medium. Any suitable computer-readable storage medium may be utilized, including hard disks, CD-ROM, optical storage devices, magnetic storage devices, and/or the like.

In the foregoing specification, the invention has been described with reference to specific embodiments. However, it will be appreciated that various modifications and changes can be made without departing from the scope of the present invention. The specification and figures are to be regarded in an illustrative manner, rather than a restrictive one, and all such modifications are intended to be included within the scope of present invention. Benefits, other advantages, and solutions to problems have been described above with regard to specific embodiments. No element described herein is required for the practice of the invention unless expressly described as “essential” or “critical.”

What is claimed is:
1. A method comprising: authenticating, by a computer based system for securely accessing a message, a first intended recipient using a second identifier associated with the intended recipient; capturing, by the computer based system, a browser type and IP address of the authenticated first intended recipient; determining, by the computer based system, the message that is associated with a first identifier of the first intended recipient; and allowing, by the computer based system, access to the message associated with the first identifier by the first intended recipient via a secure website.

2. The method of claim 1, wherein the first identifier is an account code.

3. The method of claim 1, wherein the second identifier is at least one of a combination of a user identification and password, and a physical characteristic of the first intended recipient identifiable by a biometric identification system.

4. The method of claim 1, wherein the message includes: a message portion; and an attachment file in a format that is different from a format of the message portion.

5. The method of claim 1, wherein the message includes at least one of customer account information, a financial statement, a special offer, a response to an inquiry, and a transaction confirmation.

6. The method of claim 1, further comprising encrypting the secure website to view the message using an encryption method.

7. The method of claim 1, further comprising notifying, by the computer based system, the first intended recipient of the message.

8. The method of claim 1, further comprising notifying, by the computer based system, the first intended recipient of the message via a notification message, wherein the notification message contains at least one of an address of and a link to the secure website.

9. The method of claim 1, wherein the message is not transmitted via email.

10. The method of claim 1, wherein the content of the message is not communicated over unsecure channels.

11. The method of claim 1, wherein the message is stored in a common storage area of a database.

12. The method of claim 1, wherein the message is stored for dynamic access by a second intended recipient via the secure website.

13. The method of claim 1, wherein in response to no second identifier being associated with the first intended recipient, the first intended recipient is prompted to at least one of create and register the second identifier.

14. The method of claim 1, further comprising providing at least one of a second address of and link to a secure webpage on the secure website, the secure webpage containing the message, in response to successfully authenticating the first intended recipient.

15. The method of claim 1, wherein in response to the message having multiple intended recipients, a separate copy of the message is not stored in the database for each intended recipient.

16. A system comprising: a processor for securely accessing a message, a tangible, non-transitory memory configured to communicate with the processor, the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising: authenticating, by the computer based system, a first intended recipient using a second identifier associated with the intended recipient; capturing, by the computer based system, a browser type and IP address of the authenticated first intended recipient; determining, by the computer based system, the message that is associated with a first identifier of the first intended recipient; and allowing, by the computer based system, access to the message associated with the first identifier by the first intended recipient via a secure website.

17. The system of claim 16, further comprising notifying, by the computer based system, the first intended recipient of the message via a notification message, wherein the notification message contains at least one of an address of and a link to the secure website.

18. The system of claim 16, wherein the message is stored for dynamic access by a second intended recipient via the secure website.

19. The system of claim 16, wherein in response to no second identifier being associated with the first intended recipient, the first intended recipient is prompted to at least one of create and register the second identifier.

20. An article of manufacture including a non-transitory, tangible computer readable storage medium having instructions stored thereon that, in response to execution by a computer-based system for securely accessing a message, cause the computer-based system to perform operations comprising: authenticating, by the computer based system, a first intended recipient using a second identifier associated with the intended recipient; capturing, by the computer based system, a browser type and IP address of the authenticated first intended recipient; determining, by the computer based system, the message that is associated with a first identifier of the first intended recipient; and allowing, by the computer based system, access to the message associated with the first identifier by the first intended recipient via a secure website.